As you can see above, my home's network Gateway (192.168.1.1) is a Tomato Firmware 1.23 router that controls everything: DHCP, QoS, Access Restrictions, etc. The only thing I do not have on this router is OpenVPN, since the Tomato firmware does not support it.

In order to enable OpenVPN in my home network I had to put another router that runs DD-WRT firmware v.24 (Mega), and creates another subnet in my home LAN (192.168.3.1).

This works fine, but the main problem with this setup is that every time I want to access my PCs and devices on my home LAN (192.168.1.1) I have to tell my OpenVPN client to route all the traffic through my home network. This needs to be done since whenever I connect to the DD-WRT router through OpenVPN I only see that router's subnet (192.168.3.1) and I am unable to see the 192.168.1.1 subnet. But by routing my traffic through home, the traffic passes through the 192.168.1.1 gateway and therefore it is possible to see the PCs and devices in that LAN. But the problem with this is that my home bandwidth is reduced substantially, since everything that I am doing online has to pass through home.

What I want to do is to somehow disable the NAT functionality on the DD-WRT router and use it as a simple VPN server. What I hope here is that whenever I connect to my home LAN I would get an IP from the subnet 192.168.1.1 and therefore, if no NAT exists on the 192.168.3.1 router, I would be able to access my PCs and devices without the need to route all my traffic through my home LAN.

Dear all,
As you can see above, my home's network Gateway (192.168.1.1) is a Tomato Firmware 1.23 router that controls everything: DHCP, QoS, Access Restrictions, etc. The only thing I do not have on this router is OpenVPN, since the Tomato firmware does not support it.


There are several mods of Tomato v1.23 that include OpenVPN. I have been using the one described here for several months with no problems.

Hi fyellin,
I am using Victek's mod 1.23. There are some of the features that I find useful there as well. Is there a mod with OpenVPN that is based on Victek's mod?


Sorry. I assumed that you were running vanilla Tomato, rather than running another mod. Victek or SgtPepperKSU can probably give you more information about the availability of a mod that has features from both of their mods.

SgtPepperKSU has also been working on putting all the mods under a single source tree, so that you can pick and choose the features you want, and build your own. I don't know its current status.

I hope that SgtPepperKSU is following this thread, because he is more familiar with OpenVPN than I am.

You ought to be able to put your DD-WRT behind your Tomato, and tell it that it is a "router" rather than a "gateway". You will need to tell the Tomato to forward all traffic on UDP 1194 (or whatever you use) to the OpenVPN machine.

I'm sure there are some details I'm leaving out, but there is no reason that the machine running OpenVPN needs to be talking directly to the ISP, rather than just being another machine on your LAN.

Thanks a lot, you are a great help. If I understand you well, what you are saying is that if I set the DD-WRT as "router" rather than a "gateway" I will be able to "see" the 192.168.1.1 subnet when I connect from outside my home. Is this correct?

what you are saying is that if I set the DD-WRT as "router" rather than a "gateway" I will be able to "see" the 192.168.1.1 subnet when I connect from outside my home. Is this correct?


I think it should work fine even with the router in "Gateway" mode, but since you don't really need a separate subnet, you may as well change it to "Router" mode (that way if you plug computers into the DD-WRT router someday, they'll be on the same subnet as everything else).

Right now, you likely are able to send packets from across the VPN to the entire 192.168.1.0/24 subnet (depending on the OpenVPN configuration and routing on the DD-WRT router), but the 192.168.1.0/24 computers don't know where to send the return packets for their response. You will need to either place a NAT on the DD-WRT traffic (so it looks like it comes directly from the DD-WRT router) or add a route to your Tomato router (so the return traffic knows it needs to be routed through the DD-WRT router). I would suggest the latter.

I can help you establish the rules needed for either method, but it would help tremendously if you provided the OpenVPN config from your DD-WRT router.

FYI: if you place [code]...[/code] tags around ASCII diagrams (like what you drew in your first post), it keeps the spacing. I think fyellin fell into the same thing I did at first - it looked like you had both routers plugged directly into your modem.
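
The return-path problem described in the post above, modelled as an added example (not code from the thread or from either firmware). It traces where a LAN PC's reply to a VPN client ends up with no fix, with NAT on the DD-WRT router, and with a static route on the Tomato. The DD-WRT router's address on the 192.168.1.0/24 LAN, the VPN client pool and the client address are assumed values that do not appear in the thread.

```python
import ipaddress as ip

# Assumed addresses (not on the page): DD-WRT's address on the Tomato LAN,
# the OpenVPN client pool, and one VPN client.
DDWRT_ON_LAN = "192.168.1.2"
VPN_POOL = "10.8.0.0/24"
VPN_CLIENT = "10.8.0.6"

def next_hop(table, dst):
    """Longest-prefix match: return the next hop for dst from (prefix, hop) pairs."""
    addr = ip.ip_address(dst)
    matches = [(ip.ip_network(p), hop) for p, hop in table if addr in ip.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

# Tomato (192.168.1.1) as described: LAN directly connected, everything else to the ISP.
TOMATO = [("192.168.1.0/24", "on-link"), ("0.0.0.0/0", "ISP")]
# Second option from the post: a static route for the VPN pool via the DD-WRT router.
TOMATO_WITH_ROUTE = TOMATO + [(VPN_POOL, DDWRT_ON_LAN)]
# A LAN PC only knows its own subnet and its default gateway, the Tomato.
LAN_PC = [("192.168.1.0/24", "on-link"), ("0.0.0.0/0", "192.168.1.1")]

def reply_path(src_seen_by_pc, tomato_table):
    """Trace where a LAN PC's reply goes, given the source address it saw."""
    hop = next_hop(LAN_PC, src_seen_by_pc)
    if hop == "on-link":
        return ["LAN PC", src_seen_by_pc]  # delivered directly on the LAN
    # Otherwise the PC hands the reply to its default gateway, the Tomato.
    return ["LAN PC", "Tomato", next_hop(tomato_table, src_seen_by_pc)]

def scenarios():
    return {
        # Reply to 10.8.0.6 follows the Tomato's default route and is lost.
        "no fix": reply_path(VPN_CLIENT, TOMATO),
        # With NAT the PC sees the DD-WRT's LAN address as the source.
        "NAT on DD-WRT": reply_path(DDWRT_ON_LAN, TOMATO),
        # With the static route the Tomato hands the reply to the DD-WRT.
        "static route on Tomato": reply_path(VPN_CLIENT, TOMATO_WITH_ROUTE),
    }

if __name__ == "__main__":
    for name, path in scenarios().items():
        print(f"{name:24} {' -> '.join(path)}")
```

With NAT, every VPN client appears on the LAN as the DD-WRT router's address, so LAN-side logs and access rules cannot tell VPN clients apart; with the static route the real VPN client address is preserved.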

I think that the best choice for me will be to place a NAT route on either the Tomato or DD-WRT. But I am afraid that I do not know how to do that exactly. What is the main concept behind this idea? I tell the router to route all traffic that is designated for the 192.168.1.0/24 subnet to 192.168.1.1 router and back?